Date: Mon, 23 Jul 2012 12:05:21 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: jmattax@clanspum.net
Cc: freebsd-pf@freebsd.org
Subject: Re: PF suddenly malfunctioned
Message-ID: <20120723100521.GC32530@insomnia.benzedrine.cx>
In-Reply-To: <effb611b289f2b14d345c1cd63c9828a.squirrel@mail.clanspum.net>
References: <effb611b289f2b14d345c1cd63c9828a.squirrel@mail.clanspum.net>

If you can reliably reproduce the problem with en.wikipedia.org, I
suggest the following:

On the firewall

  1) enable verbose logging with pfctl -xm
  2) save the output of pfctl -si and netstat -s
  3) run the following three tcpdumps in parallel, and save the output:

       tcpdump -s 1600 -nvvvpSi xl0 'host 91.198.174.225'
       tcpdump -s 1600 -nvvvpSi re0 'host 91.198.174.225'
       tcpdump -s 1600 -nvvveeepi pflog0

On a client

  4) printf "GET /wiki/Main_Page HTTP/1.1\r\nHost: en.wikipedia.org\r\n\r\n" |
       nc -v 91.198.174.225 80 | wc -c
  5) this should hang until some timeout occurs, you need only wait 10s.

Back on the firewall

  6) re-run pfctl -si and netstat -s (again saving the output)
  7) stop the tcpdumps
  8) check /var/log/messages for anything from pf

Then post the outputs :)

Daniel
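
The two pfctl -si snapshots from steps 2 and 6 are easiest to read as a delta. The script below is an added example, not part of the message above; the function names pf_counter_delta and sample_si and all sample values are constructed here, and it assumes the usual pfctl -si layout with "State Table" and "Counters" sections.

```shell
#!/bin/sh
# Added example: diff two saved `pfctl -si` snapshots (steps 2 and 6).
# Prints "<section>/<counter> <before> <after> <delta>" for each changed row
# of the State Table and Counters sections.
pf_counter_delta() {   # usage: pf_counter_delta BEFORE_FILE AFTER_FILE
    awk '
        # Section headers start in column 1; the Status line is not one.
        /^[A-Za-z]/ && !/^Status:/ {
            section = ($1 == "State") ? "state" : tolower($1); next
        }
        # Counter rows are indented: name (one or more words), total, rate.
        /^[ \t]+[a-z]/ {
            name = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^[0-9]+$/) break
                name = (name == "") ? $i : name "-" $i
            }
            if (i > NF) next                            # no numeric total
            key = section "/" name
            if (NR == FNR) { before[key] = $i; next }   # first file
            if ((key in before) && ($i + 0) != (before[key] + 0))
                print key, before[key], $i, $i - before[key]
        }
    ' "$1" "$2"
}

# Constructed sample in `pfctl -si` layout; all values are made up.
sample_si() {   # args: searches match state-mismatch
    printf 'Status: Enabled for 0 days 01:02:03           Debug: Misc\n\n'
    printf 'State Table                          Total             Rate\n'
    printf '  current entries %22s\n' 12
    printf '  searches %29s %16s\n' "$1" '16.4/s'
    printf 'Counters\n'
    printf '  match %32s %16s\n' "$2" '0.2/s'
    printf '  state-mismatch %23s %16s\n' "$3" '0.0/s'
}

tmp=$(mktemp -d) || exit 1
sample_si 12345 130 3 > "$tmp/before"   # stands in for the step 2 output
sample_si 12410 131 9 > "$tmp/after"    # stands in for the step 6 output
pf_counter_delta "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

On the firewall, pass the two files saved from pfctl -si in steps 2 and 6 instead of the constructed samples.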
